Get Email Updates

The Dispatch E-Edition

All current subscribers have full access to Digital D, which includes the E-Edition and
unlimited premium content on Dispatch.com, BuckeyeXtra.com, BlueJacketsXtra.com and
DispatchPolitics.com.
Subscribe
today!

By Jim FinkleReuters • Thursday January 17, 2013 6:38 AM

BOSTON — A computer virus attacked a turbine-control system at a U.S. power company last fall
when a technician unknowingly inserted an infected USB computer drive into the network, keeping a
plant off line for three weeks, according to a report posted on a government website.

The Department of Homeland Security report did not identify the plant but said criminal
software, which is used to conduct financial crimes such as identity theft, was behind the
incident.

It was introduced by an employee of a third-party contractor that does business with the
utility, according to the agency.

The department reported the incident, which occurred in October, along with a second involving a
more-sophisticated virus, as cyber experts gather at a high-profile security conference in Miami
known as S4. There they review emerging threats against power plants, water utilities and other
parts of the infrastructure.

Interest in the area has surged since 2010, when the Stuxnet computer virus was used to attack
Iran’s nuclear program. Although the United States and Israel were widely believed to be behind
Stuxnet, experts say that hackers may be copying the technology to develop their own viruses.

Justin W. Clarke, a security researcher with a firm known as Cylance, which helps protect
utilities against cyber attacks, noted that experts believe Stuxnet was delivered to its target in
Iran via a USB drive. Attackers use that technique to place malicious software on computer systems
that are cut off from the public Internet.